
Winfixer, Aurora, and some other mumbo jumbo

raiyen

Posted 13 August 2005 - 01:39 AM


Hello. I'm here because I seriously have no idea what to do. I followed all the steps in the READ THIS first thread but that win fixer program isn't going away. Also I think my registry has problems as well. Ewido keeps giving me warnings and I try to clean them but they just keep coming up.

I don't know if this will help but I had SP2 but it said that if I had malware it'd be bad, so I deleted it and put in SP1. It might have been a stupid move, but I know nothing about computers.

andydf

Posted 19 August 2005 - 04:02 AM


Hi raiyen

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Please download APT and unzip the contents to a new folder on your desktop.

Open the folder you just created and click on apt.exe and search in the window for C:\WINDOWS\svcproc.exe.

Open your C:\Windows folder and search for svcproc.exe.
Don't delete it yet, just leave the Windows folder open so you can see the bad file.

In APT again, Select C:\WINDOWS\svcproc.exe and Click Kill3

Then immediately delete svcproc.exe from your c:\windows folder.

Close APT.

To reboot into SafeMode with Windows XP, you can follow these steps from Microsoft:

Next, please reboot your computer in SafeMode by doing the following:

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, start tapping the F8 key.

Instead of Windows loading as normal, a menu should appear

Select the first option, to run Windows in Safe Mode.

Once in Safe Mode, please double-click on nailfix.exe. Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish". Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Now open ewido and do a scan of your system.

Click on scanner

Click on Complete System Scan and the scan will begin.

You will be prompted to clean the first infection.

Select "Perform action on all infections", then proceed.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

Click Save report.

Save the report .txt file to your desktop or a location where you can find it easily.

Now scan with HJT and place a checkmark next to each of the following items:

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

*IMPORTANT NOTE* CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp

Running CleanUp

Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu).

When CleanUp starts go to the Options button (right side of CleanUp screen)

Move the arrow down to "Custom CleanUp!"

Now place a checkmark next to the following (Make sure nothing else is checked!):

Delete Cookies
This is optional, if you leave the box checked it will remove all of your cookies, at this point removing cookies is a good idea

Empty Recycle Bins

Delete Prefetch files

Cleanup! All Users

Click OK

Then click on the CleanUp button. This will take a short while, let it do its thing.

When asked to reboot system select No

Close CleanUp

Finally, restart your computer back into Normal Mode and please post a new HJT log, as well as the ewido report log from the Ewido scan by using Add Reply

Posted 19 August 2005 - 05:58 PM

andydf

Posted 20 August 2005 - 06:57 AM


Hi raiyen

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Please re-open the APT folder

Click on apt.exe and search in the window for C:\Program Files\WinFixer 2005\wfx5.exe.

Open your C:\Windows\Program Files\WinFixer 2005 folder and search for wfx5.exe.
Don't delete it yet, just leave the system32 folder open so you can see the bad file.

To reboot into SafeMode with Windows XP, you can follow these steps from Microsoft:

Next, please reboot your computer in SafeMode by doing the following:

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, start tapping the F8 key.

Instead of Windows loading as normal, a menu should appear

Select the first option, to run Windows in Safe Mode.

Once in Safe Mode, please double-click on nailfix.exe. Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish". Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Now open ewido and do a scan of your system.

Click on scanner

Click on Complete System Scan and the scan will begin.

You will be prompted to clean the first infection.

Select "Perform action on all infections", then proceed.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

Click Save report.

Save the report .txt file to your desktop or a location where you can find it easily.

Now scan with HJT and place a checkmark next to each of the following items:

O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe

*IMPORTANT NOTE* CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp

Running CleanUp

Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu).

When CleanUp starts go to the Options button (right side of CleanUp screen)

Move the arrow down to "Custom CleanUp!"

Now place a checkmark next to the following (Make sure nothing else is checked!):

Delete Cookies
This is optional, if you leave the box checked it will remove all of your cookies, at this point removing cookies is a good idea

Empty Recycle Bins

Delete Prefetch files

Cleanup! All Users

Click OK

Then click on the CleanUp button. This will take a short while, let it do its thing.

When asked to reboot system select No

Close CleanUp

Finally, restart your computer back into Normal Mode and please post a new HJT log, as well as the ewido report log from the Ewido scan by using Add Reply
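The two HijackThis entries named in the posts above can be looked for in the fresh log mechanically. The following is an added example, not part of the original thread: the line patterns are inferred from the two entries quoted here, and both sample logs (including the ExampleTray and ExampleSvc lines) are constructed.

```python
import re

# Paths of the two files the thread asks to be removed (lower-cased for comparison).
TARGETS = {
    r"c:\windows\svcproc.exe",
    r"c:\program files\winfixer 2005\wfx5.exe",
}

# Patterns inferred from the two entries quoted in the thread (an assumption,
# not a full HijackThis grammar).
O4_RUN = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_SVC = re.compile(r"^O23 - Service: (?P<display>.+) \((?P<name>[^)]+)\) - (?P<owner>.+?) - (?P<cmd>.+)$")
EXE = re.compile(r'^"?(?P<exe>.+?\.exe)\b', re.IGNORECASE)

def exe_path(command):
    """Strip quotes and arguments, keeping only the executable path."""
    m = EXE.match(command.strip())
    return m["exe"] if m else command.strip()

def parse_entries(log_text):
    """Yield (section, name, executable) for each O4 Run and O23 Service line."""
    for raw in log_text.splitlines():
        line = raw.strip()
        for section, pattern in (("O4", O4_RUN), ("O23", O23_SVC)):
            m = pattern.match(line)
            if m:
                yield section, m["name"], exe_path(m["cmd"])

def remaining_targets(log_text, targets=TARGETS):
    """Return the entries whose executable is still one of the targeted files."""
    return [e for e in parse_entries(log_text) if e[2].lower() in targets]

# Constructed sample logs: the ExampleTray and ExampleSvc lines are made up.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe
O23 - Service: Example Service (ExampleSvc) - Example Corp - C:\Program Files\Example\svc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O23 - Service: Example Service (ExampleSvc) - Example Corp - C:\Program Files\Example\svc.exe
"""

if __name__ == "__main__":
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        hits = remaining_targets(log)
        print(label, "->", hits if hits else "no targeted entries left")
```

An empty result only means the startup entries are gone from the log; whether the files themselves still exist on disk has to be checked separately.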

raiyen

Posted 21 August 2005 - 11:43 PM


Hi andy. I was following the steps you suggested but when I was looking for the files that you told me to remove they weren't there. Also the O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe file, I couldn't find when fixing things w/ HJT.

andydf

Posted 22 August 2005 - 01:40 PM

Please let me know how your system is running. Also please read the list below especially the windows update section.

Andy

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.

SpywareBlaster - Great prevention tool to keep nasties from installing on your system.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.

Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)